-import * as express from 'express'
+import express from 'express'
import { body } from 'express-validator'
import { isPreImportVideoAccepted } from '@server/lib/moderation'
import { Hooks } from '@server/lib/plugins/hooks'
+import { HttpStatusCode } from '@shared/models'
import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { logger } from '../../../helpers/logger'
-import { doesVideoChannelOfAccountExist } from '../../../helpers/middlewares'
import { CONFIG } from '../../../initializers/config'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
-import { areValidationErrors } from '../utils'
+import { areValidationErrors, doesVideoChannelOfAccountExist } from '../shared'
import { getCommonVideoEditAttributes } from './videos'
-import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
+import { isValid as isIPValid, parse as parseIP } from 'ipaddr.js'
const videoImportAddValidator = getCommonVideoEditAttributes().concat([
body('channelId')
if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) {
cleanUpReqFiles(req)
- return res.status(HttpStatusCode.CONFLICT_409)
- .json({ error: 'HTTP import is not enabled on this instance.' })
+
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'HTTP import is not enabled on this instance.'
+ })
}
if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) {
cleanUpReqFiles(req)
- return res.status(HttpStatusCode.CONFLICT_409)
- .json({ error: 'Torrent/magnet URI import is not enabled on this instance.' })
+
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'Torrent/magnet URI import is not enabled on this instance.'
+ })
}
if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) {
cleanUpReqFiles(req)
- return res.status(HttpStatusCode.BAD_REQUEST_400)
- .json({ error: 'Should have a magnetUri or a targetUrl or a torrent file.' })
+ return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' })
+ }
+
+ if (req.body.targetUrl) {
+ const hostname = new URL(req.body.targetUrl).hostname
+
+ if (isIPValid(hostname)) {
+ const parsed = parseIP(hostname)
+
+ if (parsed.range() !== 'unicast') {
+ cleanUpReqFiles(req)
+
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot use non unicast IP as targetUrl.'
+ })
+ }
+ }
}
if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req)
if (!acceptedResult || acceptedResult.accepted !== true) {
logger.info('Refused to import video.', { acceptedResult, acceptParameters })
- res.status(HttpStatusCode.FORBIDDEN_403)
- .json({ error: acceptedResult.errorMessage || 'Refused to import video' })
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: acceptedResult.errorMessage || 'Refused to import video'
+ })
return false
}
projects / github / Chocobozzz / PeerTube.git / blobdiff